Link your Cloud NGFW resource with Strata Cloud Manager.
You can integrate your Cloud NGFW resource with Strata Cloud Manager for policy
management. This integration allows you to use a single Strata Cloud Manager to
centrally manage a shared set of security rules on Cloud NGFW resources alongside
your physical and virtual firewall appliances. You can also manage all aspects of
shared policy configurations, gain comprehensive visibility with actionable
insights, and generate reports on traffic patterns or security incidents of your
Cloud NGFW resources, all from a single console.
You can register your Cloud NGFW resources with an existing Strata Cloud Manager that
you activated based on your AIOps, NGFW, Prisma Access, or Strata Cloud Manager
Pro/Essential licenses. If you do not have a Strata Cloud Manager, you can activate
a new Strata Cloud Manager Essentials (steps 1-8) to use with Cloud NGFW. In either
case, the integration automatically enables Strata Cloud Manager Pro features for
Cloud NGFW.
It may take approximately 45–50 minutes to upgrade from Strata Cloud Manager
Essentials to Pro when you register the first resource.
When using Strata Cloud Manager for Cloud NGFW policy management, consider the
following:
- When first registering to Strata Cloud Manager, Cloud NGFW resources (for
example, the resource ID) may fail to display. These resources will appear
after a few moments if there are no underlying connection issues.
- Best practices for managing Cloud NGFW policy with Strata Cloud Manager differ
from those for managing it with Panorama. For example, some pass-through
traffic in a Panorama-managed environment may be dropped in a Strata Cloud
Manager-managed Cloud NGFW resource.
- X-forwarded functionality is not supported in Strata Cloud Manager policy
management for your Cloud NGFW.
- Cloud certificate is not supported.
- DLP is not supported.
- DAGs are not supported.
- When configuring security rules for your Strata Cloud Manager-managed Cloud
NGFW, you must specify ANY for the security rule. However, the from/to zone
appears as the Data Zone in the Strata Logging Service.